Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

How to lock down Firefox in an Enterprise Environment?

  • 8 valiny
  • 3 manana an'ity olana ity
  • 132 views
  • Valiny farany nomen'i cor-el

more options

I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online:

https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/

   The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them.
   So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles:

http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/
http://kb.mozillazine.org/Locking_preferences

   I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

And here's my mozilla.cfg file, with some of the settings I need configured:

//
pref("browser.startup.homepage", http://www.msn.com);
lockPref("browser.startup.homepage", http://www.msn.com);
pref("security.tls.version.max", 1);
lockPref("security.tls.version.max", 1);
pref("security.tls.version.min", 0);
lockPref("security.tls.version.min", 0);
pref("security.default_personal_cert", Ask Every Time);
lockPref("security.default_personal_cert", Ask Every Time);
pref("app.update.enable", false);
lockPref("app.update.enable", false);
pref("browser.search.update", false);
lockPref("browser.search.update", false);
pref("extensions.update.enabled", false);
lockPref("extensions.update.enabled", false);
pref("network.protocol-handler.external.shell", false);
lockPref("network.protocol-handler.external.shell", false);
pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT;
lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT);
   However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. 
   Any help is appreciated!
I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online: https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/ The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them. So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles: http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/<br /> http://kb.mozillazine.org/Locking_preferences I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like: pref("general.config.obscure_value", 0);<br /> pref("general.config.filename", "mozilla.cfg"); And here's my mozilla.cfg file, with some of the settings I need configured: <pre><nowiki>// pref("browser.startup.homepage", http://www.msn.com); lockPref("browser.startup.homepage", http://www.msn.com); pref("security.tls.version.max", 1); lockPref("security.tls.version.max", 1); pref("security.tls.version.min", 0); lockPref("security.tls.version.min", 0); pref("security.default_personal_cert", Ask Every Time); lockPref("security.default_personal_cert", Ask Every Time); pref("app.update.enable", false); lockPref("app.update.enable", false); pref("browser.search.update", false); lockPref("browser.search.update", false); pref("extensions.update.enabled", false); lockPref("extensions.update.enabled", false); pref("network.protocol-handler.external.shell", false); lockPref("network.protocol-handler.external.shell", false); pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT; lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT); </nowiki></pre> However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. Any help is appreciated!

Novain'i cor-el t@

Vahaolana nofidina

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

Hamaky an'ity valiny ity @ sehatra 👍 2

All Replies (8)

more options

Hi,

Have you read the http://kb.mozillazine.org/Locking_preferences article?

Hope this helps!

cyborg4

more options

It might also be useful to join and search the Enterprise Working Group (EWG) mailing list. There's a link on this page: http://www.mozilla.org/en-US/firefox/organizations/

Novain'i jscher2000 - Support Volunteer t@

more options

Yes Cyborg 4, I have read that article as well.

more options

Hmm. That's rather odd!

Let me see if I can find a way to sort this for you.

more options

Hi,

Not sure if this article is relevant - it's quite old! http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/

Curtis

more options

Vahaolana Nofidina

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

more options

Phillip, my issue was I was lacking "the quotations", thanks!

more options

Note that string prefs need to have their values surrounded by quotes as you probably found out.
Integer and Boolean prefs mustn't have quotes.
The mozilla.cfg file is run as JavaScript (prefs.js and user.js are interpreted) and thus can contain JavaScript code as well and will throw an exception in case of errors.

lockPref("security.default_personal_cert", "Ask Every Time");
lockPref("plugin.disable_full_page_plugin_for_types", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT");

Novain'i cor-el t@